Storage Soup

Jun 13 2007   2:03PM GMT

Shameful disclosure

Jo Maitland

Word of tapes “falling off the back of trucks” is almost a once-a-month event these days, but the way companies handle the disclosure of these albeit embarrassing incidents is shameful.

A coworker at TechTarget told me this morning that he had just received a letter from IBM informing him that the company had lost tapes containing sensitive current and former employee data, including, potentially, his social security number. This is old news [May 15], but a few things struck me as interesting about it.

1) He has not worked for IBM in over 20 years, yet the company is still storing information on him. Ever heard of ILM over there, guys? I think Tivoli has something…

2) IBM announced this publicly on May 15 but my friend did not receive the letter until June 7.

3) IBM lost the tapes on Feb. 23, 2007.

“Time was needed to investigate the incident, determine the nature of the information on the lost tapes, and conclude that recovery of the tapes was unlikely,” IBM said in an FAQ sheet sent to its employees.  “In order not to impede any continuing investigative efforts, we are not disclosing the numbers of individuals affected,” it added.

Come on! We weren’t born yesterday. IBM’s excuse for the delay in informing its employees, as well as the number that were affected, seems disingenuous, probably to avoid further embarrassment. It’s a poor response, not to mention bitterly ironic, given IBM’s focus on security.

My friend was given a year’s worth of free credit reporting to help him track whether anyone is using his stolen information. If IBM thinks this is enough to rescue its relationship with its employees, it might want to take a look at this survey of people who were notified that their personal information had been lost. It found that 20% of the people had already stopped doing business with that company and another 40% were considering it.

1  Comment on this Post

  • George
    I know how you feel. I received the same letter from IBM and I never worked for IBM. Yep, you read that correctly. Not a clerical error, either. IBM got my data when it bought a company I stopped working for in 1991. IBM has an internal policy of archiving records for former employees forever. You can read more about this and my conversations with IBM about their data breach. I blog about this, the ID-theft risk and mess IBM created with their data breach, and related topics at: George